Thirteen years in digital marketing taught me exactly how the surveillance machine works. The line every parent uses — what could they possibly do with one cute photo? — doesn't survive five minutes of contact with reality. The platform isn't selling memories back to you. It's renting your kid's face out the back door.
By age 13, the average child has 1,300-plus photos and videos of themselves online — and they didn't post any of them. Their parents did. The number comes from a 2018 UK Children's Commissioner report, and every year since has piled on. You're not preserving memories. You're building an archive someone else owns.
01 The Consent Problem
We live in the so-called Age of Consent. Funny thing — most parents never ask the kid before posting. And when a kid does say yes, they don't actually understand what they're agreeing to. Their face, their name, their first bad haircut — searchable forever, by anyone with a browser.
Grown adults post dumb things and pay for it years later. A six-year-old has zero shot at predicting what today's adorable post means in 2040. Future bullying, embarrassment, identity crisis — those aren't theoretical. Those are receipts coming due.
Today's yes isn't tomorrow's comfort.
02 Digital Permanence — You Don't Get to Take It Back
Deleting the photo, blocking the account, locking the profile — those feel like off-switches. They're not. They're leaks. There is no federal U.S. right to be forgotten. California's CCPA — California Consumer Privacy Act — gives some deletion rights against businesses. The European Union's GDPR Article 17 is stronger. Most of America gets neither.
That bathtub photo from 2014 isn't sitting in Grandma's feed. It's somewhere in this pipeline:
- Folded into an AI training set — Meta, Adobe, and Google have all updated terms to claim training rights on uploaded content.
- Scraped into a facial-recognition database before you've even closed the app.
- Sitting on a forgotten server owned by an ad-tech zombie company, five acquisitions in.
- Indexed and resold by a data broker you've never heard of.
- Copied to backup mirrors and screenshot caches no takedown will ever reach.
The internet doesn't forget. It hoards. You can delete a post. You can't recall its copies. Your kid might walk into a job interview, a college admissions screen, or a security clearance review in 2040 carrying a footprint they never built.
03 Sharenting and Kidfluencing
Nobody sets out to exploit their kid. But sharenting is the soft launch of surveillance capitalism. It starts innocent — a milestone, a tantrum, a dance video for the relatives. Algorithms don't care about sentiment. They run on engagement. The kid's face racks up likes, the parent gets the dopamine hit, the cycle locks in. That cute content is currency.
Some parents go further. Whole accounts revolve around the kid. Memory-making becomes monetization — ad deals, affiliate links, merch. Welcome to kidfluencing: millions of followers before the baby teeth fall out, with almost none of the labor protections child actors got after Hollywood's Coogan Law in 1939.
That's finally starting to change at the state level:
- Illinois — SB 1782, effective July 1, 2024. Kid in 30%+ of monetized content? Earnings go in trust until 18. Kids can sue if it doesn't happen.
- Minnesota — similar law, effective July 1, 2025. Goes further: bans content-creation work by kids under 14 entirely.
- Eight more states pending — Arizona, California, Georgia, Maryland, Missouri, Ohio, Pennsylvania, Washington.
The deeper problem stays the same. Childhood becomes content. Real joy, grief, boredom — uploaded for public consumption with no real consent and no context. Kids deserve to grow up as people, not personal brands. Memories, not metrics.
04 Safety and Privacy Risks (U.S.)
Faces become fuel. One photo can be scraped into facial recognition, dropped into an AI training set, or reused in disturbing ways. U.S. law mostly targets companies, not parents. And once a model trains on the image, deleting the post doesn't untrain the model. Illinois' BIPA — Biometric Information Privacy Act — is a rare exception. It won't rewind the internet.
Real-world example. October 2023. Westfield High School, New Jersey. A male student used a basic AI app to generate sexualized deepfakes of more than 30 female classmates. Source photos: ordinary social media. No hacking. No exotic tools. The girls had no clear legal recourse at the time. CNN ↗
That case helped push the federal TAKE IT DOWN Act through Congress in 2025 — civil and criminal penalties for non-consensual intimate imagery, including AI-generated. Senate passed unanimously. House voted 409-2. NJSBF ↗
"It could happen to anyone."Francesca Mani — Westfield deepfake survivor & advocate
There's also the identity-theft angle nobody talks about. Synthetic identity fraud loves a clean Social Security number paired with a recognizable face. A kid's credit goes unmonitored for 18 years. By the time they apply for a student loan, the damage is baked in. Freeze your kid's credit at all three bureaus. Free under federal law since 2018. Most parents have never heard of it.
05 Meanwhile, Other Countries Did Something
While the U.S. argues, France went and did it. Law No. 2024-120, signed February 19, 2024, wrote children's image rights directly into the French Civil Code. Both parents have to agree before posting. A judge can strip a parent's publishing rights if it gets out of hand. The CNIL — France's data protection authority — has already added sharenting cases to its enforcement program. Baker McKenzie ↗
Wild concept: treat a child's face like it belongs to the child.
06 Healthier Ways to Share
You don't need to disappear. You need to be selective. E2EE — end-to-end encryption — means the platform itself can't read what you send. That's the bar.
- ✅ Signal — E2EE by default, disappearing messages, built-in face blur, no ad tracking.
- ✅ Ente Photos — true E2EE albums, family plans, cross-platform.
- ✅ Proton Drive — E2EE storage with password-protected, expiring album links.
- ✅ iMessage between Apple devices, with Advanced Data Protection on.
- ❌ Telegram default chats — groups aren't E2EE, only 1-on-1 secret chats.
- ❌ Public Instagram or Facebook posts of minors. Period.
- ❌ Cloud share links without password or expiration.
- ❌ SMS fallback — green bubbles aren't encrypted.
Ask the kid first. Three-green-lights rule: kid says yes, parent says yes, privacy says yes. One red light, don't post. Better gut check yet — would you put this on a billboard with their full name underneath? If no, it doesn't go online either.
Five-minute setup. Do it now:
- Pick your lane — Signal for chat, Ente or Proton Drive for albums.
- Disable camera geotagging on every phone in the house. Scrub EXIF on existing photos.
- Freeze your kid's credit at Equifax, Experian, and TransUnion. Free, ~20 minutes total.
- Ban public links. Use password and expiry when you must share.
- Tell the relatives the rules. Faces off. School logos off. Private albums only.